Too many features, no security

We have gotten lost in the crowd of the latest features and functionality, and we are ignoring the fact that the Internet and most applications were never designed with security in mind.

According to the latest study from IBM Security and the Ponemon Institute:

Customer need and demand often affect mobile application security. 65% of the participants in this study strongly agree that the security of mobile apps is sometimes put at risk because of expanding customer demand or need. The “rush to release” phenomenon challenges an organization’s ability to address the risks of data leakage and malware.

A formal release about the study stated that the report:

Found that the average company tests less than half of the mobile apps they build. Also, 33 percent of companies never test their apps – creating a plethora of entry points to tap into business data via unsecured devices. While these numbers may seem shocking, they aren’t surprising when considering that a full 50 percent of these organizations were found to devote zero budget whatsoever towards mobile security.

As an eWeek story pointed out, mobile apps are quickly becoming a hacker’s treasure trove:

Hackers are now taking advantage of the popularity of insecure mobile apps, public WiFi networks and more to break into the highly valuable data often housed on BYOD and corporate mobile devices. Further, they’re also tapping mobile devices as an entry portal into an organization’s broader, confidential internal network.

Corporations have the chance to really do something about the security of the apps they are developing and to show that they respect the personal data of their customers, clients and employees. But they aren’t. My first reaction is to ask if they have learned nothing from the recent spate of data breaches and the collateral damage done to companies. However, Target and the other breaches did not happen because of a security-flawed mobile app.

It’s bound to happen, though, as more commerce and business transactions take place on mobile devices, and we wouldn’t be surprised if a major security breach via a mobile app happens in the next six months. It would be a breach that could be prevented, though, if companies took app security more seriously or if security was integrated into the development and testing phases.